Bugzilla – Bug 6223
can click login multiple times and accidentally get multiple sessions
Last modified: 2017-11-30 16:20:52
You need to
before you can comment on or make changes to this bug.
Originally reported on bug 5953.
It's possible to click the Login button several times (e.g. doing a double
click) and having the server create multiple sessions. Ideally we want to make
sure that the current transaction is done before we allow the user to start
Note that this is still an issue even if bug 5953 is fixed. On a system which
allows multiple sessions you still don't want to have users accidentally create
extra sessions they don't know about.
Bug 5953 also has a quick and dirty patch for this which could be used as a
basis for a proper fix.
The login button is now disabled after submitting the login form.
Works well. Tested in Firefox, Chrome, Safari, IE and Edge.
 The UI doesn't update in Safari once you've clicked, so you don't see it as
disabled. It is properly disabled though.